On Sun, Aug 1, 2010 at 11:28, Cory Prowse <[email protected]> wrote: > I am attempting to set an ACL on a node which allows the AUTHORS group all > privileges, and denies EVERYONE all privileges, and it seems the order of the > entries in the ACL is reversed. > > I use the following snippet of code to set the ACL on a node: > > // ALLOW authors ALL > jackrabbitAccessControlList.addAccessControlEntry(AUTHORS_GROUP, > new Privilege[] { acm.privilegeFromName(Privilege.JCR_ALL) }); > // DENY everyone ALL > jackrabbitAccessControlList.addEntry(EveryonePrincipal.getInstance(), > new Privilege[] { acm.privilegeFromName(Privilege.JCR_ALL) }, false); > > This does not work, however if these entries are added in reverse order > (DENY:everyone first, followed by ALLOW:authors) then I get the outcome I'm > looking for.
What do you mean by it does not work? Are the entries not saved? Is one missing? Are the final privileges different from what you expect? What exactly do you expect? > I have verified the order is reversed by stepping through the method > "ACLProvider.buildResult()". > > Is this expected behaviour? I think so, because DENY wins over ALLOW entries in general. And in the authors group is also everyone... Regards, Alex -- Alexander Klimetschek [email protected]
